https://api.fordefi.com/
These endpoints allow you to get information about users in your Fordefi organization.
There are several types of users in the Fordefi platform:
Users can have one of three possible roles, which define the permissions that the user is given:
The Users API is currently read-only. To add/remove users, visit the Fordefi web console.
These endpoints allow you to manually trigger your pre-configured webhooks.
Use Webhooks describes how to configure webhooks, validate them, and resend them.
These endpoints allow you to list the contacts in your address book.
To add/remove contacts, visit the Fordefi web console. See the user guide for more info.
These endpoints allow you to manage transactions on the Fordefi platform.
A transaction represents an operation that can be one of the following:
The filter applies both to transactions that have been signed by the vault and also to transactions that have interacted with the vault.
Transaction hashes to filter by. Will return transactions with any of the specified hashes. The format of the hash depends on the blockchain type.
https://api.fordefi.com/api/v1/transactions/export
curl -i -X GET \
'https://api.fordefi.com/api/v1/transactions/export?asset_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08&chains=string&created_after=2019-08-24T14%3A15%3A22Z&created_before=2019-08-24T14%3A15%3A22Z&direction=outgoing&end_user_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08&initiator_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08&limit=0&modified_after=2019-08-24T14%3A15%3A22Z&search=string&signer_types=initiator&sub_types=transfer&transaction_hashes=string&transaction_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08&types=aptos_message&vault_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>'Successful Response
The current state of the export.
The type of the resource being exported.
{ "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "creation_time": "2019-08-24T14:15:22Z", "type": "csv", "state": "created", "organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6", "user_id": "string", "resource_type": "user", "successful_items_count": 0, "failed_items_count": 0, "total_items_count": 0, "request_id": "string", "download_url": "string", "expiration_time": "2019-08-24T14:15:22Z" }
https://api.fordefi.com/api/v1/transactions/{id}
curl -i -X GET \
'https://api.fordefi.com/api/v1/transactions/{id}' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>'Successful Response
The date and time when the object was last modified. Any change to any field of the resource is considered a modification.
Managed transaction data. Presented if the transaction was initiated from the Fordefi system itself, in contrast to unmanaged transactions (which are, for example, transfers of funds into a vault visible to Fordefi).
automatically_set if the transaction was automatically set as spam by Fordefi, manually_set if the transaction was manually set as spam by a user, and unset if the transaction was not set as spam.
Whether the transaction was signed by an external user (for example in case of imported vault).
The state of the message.
Aptos message type.
The original message that was requested to be signed, encoded in base64.
The full message to be signed, encoded in base64.
{ "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "created_at": "2019-08-24T14:15:22Z", "modified_at": "2019-08-24T14:15:22Z", "managed_transaction_data": { "created_by": { … }, "aborted_by": { … }, "device_signing_request": { … }, "approval_request": { … }, "aml_policy_match": { … }, "policy_match": { … }, "signer_type": "initiator", "risks": [ … ], "error_pushing_to_blockchain_message": "string", "original_error_pushing_to_blockchain_message": "string", "vault": { … }, "idempotence_id": "20a3c79f-f547-44b3-bdfc-d8aea82ad496", "has_current_user_vault_permissions": true, "batch_data": { … }, "push_mode": "auto", "last_pushed_at": "2019-08-24T14:15:22Z", "sign_mode": "auto" }, "signatures": [ { … } ], "note": "string", "spam_state": "unset", "direction": "outgoing", "signed_externally": false, "state": "waiting_for_approval", "state_changes": [ { … } ], "type": "aptos_message", "aptos_message_type": "personal_message_type", "raw_original_message_to_sign": "SGVsbG8=", "string_original_message_to_sign": "string", "raw_full_message_to_sign": "SGVsbG8=", "string_full_message_to_sign": "string", "chain": { "chain_type": "aptos", "unique_id": "aptos_mainnet", "name": "string", "native_currency_symbol": "ETH", "native_currency_name": "Ether", "blockchain_explorer": { … }, "logo_url": "http://example.com", "is_testnet": true, "is_enabled": true }, "sender": { "vault": { … }, "explorer_url": "http://example.com", "contact": { … }, "type": "aptos", "address": "0x3300c18e7b931bdfc73dccf3e2d043ad1c9d120c777fff5aeeb9956224e5247a" } }
The filter applies both to transactions that have been signed by the vault and also to transactions that have interacted with the vault.
Transaction hashes to filter by. Will return transactions with any of the specified hashes. The format of the hash depends on the blockchain type.
State of the transaction. Can be one of the following:aborted aborting accelerated accelerating approved canceling cancelled completed completed_reverted dropped error_processing_by_exchange error_pushing_to_blockchain error_signing error_submitting_to_exchange insufficient_funds mined mined_reverted pending_exchange pushed_to_blockchain queued signed stuck waiting_for_approval waiting_for_signing_trigger, or an aggregation of states:
error, which can be one of:completed_reverteddroppederror_processing_by_exchangeerror_pushing_to_blockchainerror_signingerror_submitting_to_exchangeinsufficient_fundsfinalized, which can be one of:abortedacceleratedcancelledcompletedcompleted_reverteddroppederror_processing_by_exchangeerror_pushing_to_blockchainerror_signingerror_submitting_to_exchangeinsufficient_fundspending, which can be one of:abortingacceleratingapprovedcancelingminedmined_revertedpending_exchangepushed_to_blockchainqueuedsignedstuckwaiting_for_approvalwaiting_for_signing_triggerhttps://api.fordefi.com/api/v1/transactions
curl -i -X GET \
'https://api.fordefi.com/api/v1/transactions?asset_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08&batch_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08&chains=string&created_after=2019-08-24T14%3A15%3A22Z&created_before=2019-08-24T14%3A15%3A22Z&direction=outgoing&end_user_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08&include_blackbox=true&include_full_response=true&initiator_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08&is_hidden=true&modified_after=2019-08-24T14%3A15%3A22Z&page=1&search=string&signer_types=initiator&size=50&sort_by=created_at_asc&states=pending&sub_types=transfer&transaction_hashes=string&transaction_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08&types=aptos_message&vault_ids=497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>'{ "total": 0, "page": 0, "size": 0, "transactions": [ { … } ] }
Signature of the body. Base64 encoded string. If the request is made programatically by an API user, signing of the request is required and is intended to protect you from malicious backends.
Timestamp of the signature. Integer. Specify an Epoch date. If the request is made programatically by an API user, the timestamp of the request is required and is intended to protect you from replay attacks.
The signer of the transaction. Can be:
initiator: The creator of the transaction (default).api_signer: A service that you run on your own network or cloud environment. end_user: A mobile device using Fordefi's SDK.The sign mode of the transaction determines when the transaction will transition to the signing phase. It can be one of the following:
auto: The transaction will move to signing automatically after approval.triggered: The transaction will be in the waiting_for_signing_trigger state until "Trigger Transaction Signing" is called. Currently supported only for API Signer signer type.Aptos message type.
https://api.fordefi.com/api/v1/transactions
curl -i -X POST \
https://api.fordefi.com/api/v1/transactions \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-H 'x-idempotence-id: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-H 'x-signature: SGVsbG8=' \
-H 'x-timestamp: 0' \
-d '{
"vault_id": "432b199b-1f71-42bf-ba0b-33d512afa9de",
"note": "string",
"signer_type": "initiator",
"sign_mode": "auto",
"dapp_info": {
"url": "string",
"name": "string"
},
"type": "aptos_message",
"details": {
"type": "personal_message_type",
"should_include_address": true,
"application": "string",
"should_include_application": true,
"chain": "aptos_mainnet",
"should_include_chain": true,
"message_to_sign": "SGVsbG8=",
"nonce": "string"
}
}'Successful Response
The date and time when the object was last modified. Any change to any field of the resource is considered a modification.
Managed transaction data. Presented if the transaction was initiated from the Fordefi system itself, in contrast to unmanaged transactions (which are, for example, transfers of funds into a vault visible to Fordefi).
automatically_set if the transaction was automatically set as spam by Fordefi, manually_set if the transaction was manually set as spam by a user, and unset if the transaction was not set as spam.
Whether the transaction was signed by an external user (for example in case of imported vault).
The state of the message.
Aptos message type.
The original message that was requested to be signed, encoded in base64.
The full message to be signed, encoded in base64.
{ "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "created_at": "2019-08-24T14:15:22Z", "modified_at": "2019-08-24T14:15:22Z", "managed_transaction_data": { "created_by": { … }, "aborted_by": { … }, "device_signing_request": { … }, "approval_request": { … }, "aml_policy_match": { … }, "policy_match": { … }, "signer_type": "initiator", "risks": [ … ], "error_pushing_to_blockchain_message": "string", "original_error_pushing_to_blockchain_message": "string", "vault": { … }, "idempotence_id": "20a3c79f-f547-44b3-bdfc-d8aea82ad496", "has_current_user_vault_permissions": true, "batch_data": { … }, "push_mode": "auto", "last_pushed_at": "2019-08-24T14:15:22Z", "sign_mode": "auto" }, "signatures": [ { … } ], "note": "string", "spam_state": "unset", "direction": "outgoing", "signed_externally": false, "state": "waiting_for_approval", "state_changes": [ { … } ], "type": "aptos_message", "aptos_message_type": "personal_message_type", "raw_original_message_to_sign": "SGVsbG8=", "string_original_message_to_sign": "string", "raw_full_message_to_sign": "SGVsbG8=", "string_full_message_to_sign": "string", "chain": { "chain_type": "aptos", "unique_id": "aptos_mainnet", "name": "string", "native_currency_symbol": "ETH", "native_currency_name": "Ether", "blockchain_explorer": { … }, "logo_url": "http://example.com", "is_testnet": true, "is_enabled": true }, "sender": { "vault": { … }, "explorer_url": "http://example.com", "contact": { … }, "type": "aptos", "address": "0x3300c18e7b931bdfc73dccf3e2d043ad1c9d120c777fff5aeeb9956224e5247a" } }
Signature of the body. Base64 encoded string. If the request is made programatically by an API user, signing of the request is required and is intended to protect you from malicious backends.
Timestamp of the signature. Integer. Specify an Epoch date. If the request is made programatically by an API user, the timestamp of the request is required and is intended to protect you from replay attacks.
The signer of the transaction. Can be:
initiator: The creator of the transaction (default).api_signer: A service that you run on your own network or cloud environment. end_user: A mobile device using Fordefi's SDK.The sign mode of the transaction determines when the transaction will transition to the signing phase. It can be one of the following:
auto: The transaction will move to signing automatically after approval.triggered: The transaction will be in the waiting_for_signing_trigger state until "Trigger Transaction Signing" is called. Currently supported only for API Signer signer type.Aptos message type.
The maximum time in seconds to wait for the transaction to reach the specified state. For states that require more than 50 seconds, using webhooks or polling is preferable.
https://api.fordefi.com/api/v1/transactions/create-and-wait
curl -i -X POST \
https://api.fordefi.com/api/v1/transactions/create-and-wait \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-H 'x-idempotence-id: 497f6eca-6276-4993-bfeb-53cbbbba6f08' \
-H 'x-signature: SGVsbG8=' \
-H 'x-timestamp: 0' \
-d '{
"vault_id": "432b199b-1f71-42bf-ba0b-33d512afa9de",
"note": "string",
"signer_type": "initiator",
"sign_mode": "auto",
"dapp_info": {
"url": "string",
"name": "string"
},
"type": "aptos_message",
"details": {
"type": "personal_message_type",
"should_include_address": true,
"application": "string",
"should_include_application": true,
"chain": "aptos_mainnet",
"should_include_chain": true,
"message_to_sign": "SGVsbG8=",
"nonce": "string"
},
"timeout": 10,
"wait_for_state": "waiting_for_approval"
}'Successful Response
The date and time when the object was last modified. Any change to any field of the resource is considered a modification.
The state of the transaction.
The state of the transaction.
The state of the transaction.
{ "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "created_at": "2019-08-24T14:15:22Z", "modified_at": "2019-08-24T14:15:22Z", "signatures": [ "SGVsbG8=" ], "state": "waiting_for_approval", "has_timed_out": true }
https://api.fordefi.com/api/v1/transactions/{id}/approve
curl -i -X POST \
'https://api.fordefi.com/api/v1/transactions/{id}/approve' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>'Abort a transaction.
Abort is possible only for a transaction that is in one of the following states:
The aborting user must be one of the following:
API users can abort only the transactions they created.
https://api.fordefi.com/api/v1/transactions/{id}/abort
curl -i -X POST \
'https://api.fordefi.com/api/v1/transactions/{id}/abort' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>'Signature of the body. Base64 encoded string. If the request is made programatically by an API user, signing of the request is required and is intended to protect you from malicious backends.
Set who should sign the transaction.
True if transaction creation should fail in case prediction failed, False otherwise.
In case simulation has failed upon continuation, the expected result of the transaction will be partial and policy will be applied on information that can be extracted statically from the transaction only. This might result in falling back to the default policy rule.
Using the Custom Gas Request option, you specify gas_limit, as well as the following gas details:
legacy (meaning a chain where gas price can be specified exactly), you must specify only the price of a gas unit. dynamic (meaning a chain where gas price can be determined dynamically), you must specify two additional values: max_priority_fee_per_gas, the maximum tip amount for mining your transaction max_fee_per_gas, the maximum amount you are willing to pay for the fee (ultimately, either you'll pay this amount, or less, depending on the network base fee). https://api.fordefi.com/api/v1/transactions/{id}/release
curl -i -X POST \
'https://api.fordefi.com/api/v1/transactions/{id}/release' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-H 'x-signature: SGVsbG8=' \
-H 'x-timestamp: 0' \
-d '{
"type": "evm_transaction",
"release_type": "cancel",
"signer_type": "initiator",
"fail_on_prediction_failure": true,
"note": "string",
"gas": {
"gas_limit": "1000000000000000000",
"type": "custom",
"details": {
"type": "legacy",
"price": "1000000000000000000"
}
}
}'Successful Response
The date and time when the object was last modified. Any change to any field of the resource is considered a modification.
Managed transaction data. Presented if the transaction was initiated from the Fordefi system itself, in contrast to unmanaged transactions (which are, for example, transfers of funds into a vault visible to Fordefi).
automatically_set if the transaction was automatically set as spam by Fordefi, manually_set if the transaction was manually set as spam by a user, and unset if the transaction was not set as spam.
Whether the transaction was signed by an external user (for example in case of imported vault).
The state of the message.
Aptos message type.
The original message that was requested to be signed, encoded in base64.
The full message to be signed, encoded in base64.
{ "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "created_at": "2019-08-24T14:15:22Z", "modified_at": "2019-08-24T14:15:22Z", "managed_transaction_data": { "created_by": { … }, "aborted_by": { … }, "device_signing_request": { … }, "approval_request": { … }, "aml_policy_match": { … }, "policy_match": { … }, "signer_type": "initiator", "risks": [ … ], "error_pushing_to_blockchain_message": "string", "original_error_pushing_to_blockchain_message": "string", "vault": { … }, "idempotence_id": "20a3c79f-f547-44b3-bdfc-d8aea82ad496", "has_current_user_vault_permissions": true, "batch_data": { … }, "push_mode": "auto", "last_pushed_at": "2019-08-24T14:15:22Z", "sign_mode": "auto" }, "signatures": [ { … } ], "note": "string", "spam_state": "unset", "direction": "outgoing", "signed_externally": false, "state": "waiting_for_approval", "state_changes": [ { … } ], "type": "aptos_message", "aptos_message_type": "personal_message_type", "raw_original_message_to_sign": "SGVsbG8=", "string_original_message_to_sign": "string", "raw_full_message_to_sign": "SGVsbG8=", "string_full_message_to_sign": "string", "chain": { "chain_type": "aptos", "unique_id": "aptos_mainnet", "name": "string", "native_currency_symbol": "ETH", "native_currency_name": "Ether", "blockchain_explorer": { … }, "logo_url": "http://example.com", "is_testnet": true, "is_enabled": true }, "sender": { "vault": { … }, "explorer_url": "http://example.com", "contact": { … }, "type": "aptos", "address": "0x3300c18e7b931bdfc73dccf3e2d043ad1c9d120c777fff5aeeb9956224e5247a" } }
Aptos message type.
https://api.fordefi.com/api/v1/transactions/predict
curl -i -X POST \
https://api.fordefi.com/api/v1/transactions/predict \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"vault_id": "432b199b-1f71-42bf-ba0b-33d512afa9de",
"note": "string",
"type": "aptos_message",
"details": {
"type": "personal_message_type",
"should_include_address": true,
"application": "string",
"should_include_application": true,
"chain": "aptos_mainnet",
"should_include_chain": true,
"message_to_sign": "SGVsbG8=",
"nonce": "string"
}
}'Successful Response
Aptos message type.
{ "aml_policy_match": { "is_default": true, "rule_id": "728c1541-d6d1-4290-9a53-cdf01dd32d60", "rule_name": "string", "action_type": "allow" }, "policy_match": { "is_default": true, "rule_id": "728c1541-d6d1-4290-9a53-cdf01dd32d60", "rule_name": "string", "action_type": "allow" }, "approval_request": { "state": "created", "required_groups": 0, "approval_groups": [ … ], "error_message": "string" }, "risks": [ { … } ], "note": "string", "type": "aptos_message", "chain": { "chain_type": "aptos", "unique_id": "aptos_mainnet", "name": "string", "native_currency_symbol": "ETH", "native_currency_name": "Ether", "blockchain_explorer": { … }, "logo_url": "http://example.com", "is_testnet": true, "is_enabled": true }, "sender": { "vault": { … }, "explorer_url": "http://example.com", "contact": { … }, "type": "aptos", "address": "0x3300c18e7b931bdfc73dccf3e2d043ad1c9d120c777fff5aeeb9956224e5247a" }, "aptos_message_type": "personal_message_type", "message_to_display": "string" }
https://api.fordefi.com/api/v1/transactions/{id}/push
curl -i -X POST \
'https://api.fordefi.com/api/v1/transactions/{id}/push' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"push_data": {
"type": "cosmos_transaction",
"transaction_body": "SGVsbG8="
}
}'Successful Response
The date and time when the object was last modified. Any change to any field of the resource is considered a modification.
Managed transaction data. Presented if the transaction was initiated from the Fordefi system itself, in contrast to unmanaged transactions (which are, for example, transfers of funds into a vault visible to Fordefi).
automatically_set if the transaction was automatically set as spam by Fordefi, manually_set if the transaction was manually set as spam by a user, and unset if the transaction was not set as spam.
Whether the transaction was signed by an external user (for example in case of imported vault).
The state of the message.
Aptos message type.
The original message that was requested to be signed, encoded in base64.
The full message to be signed, encoded in base64.
{ "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08", "created_at": "2019-08-24T14:15:22Z", "modified_at": "2019-08-24T14:15:22Z", "managed_transaction_data": { "created_by": { … }, "aborted_by": { … }, "device_signing_request": { … }, "approval_request": { … }, "aml_policy_match": { … }, "policy_match": { … }, "signer_type": "initiator", "risks": [ … ], "error_pushing_to_blockchain_message": "string", "original_error_pushing_to_blockchain_message": "string", "vault": { … }, "idempotence_id": "20a3c79f-f547-44b3-bdfc-d8aea82ad496", "has_current_user_vault_permissions": true, "batch_data": { … }, "push_mode": "auto", "last_pushed_at": "2019-08-24T14:15:22Z", "sign_mode": "auto" }, "signatures": [ { … } ], "note": "string", "spam_state": "unset", "direction": "outgoing", "signed_externally": false, "state": "waiting_for_approval", "state_changes": [ { … } ], "type": "aptos_message", "aptos_message_type": "personal_message_type", "raw_original_message_to_sign": "SGVsbG8=", "string_original_message_to_sign": "string", "raw_full_message_to_sign": "SGVsbG8=", "string_full_message_to_sign": "string", "chain": { "chain_type": "aptos", "unique_id": "aptos_mainnet", "name": "string", "native_currency_symbol": "ETH", "native_currency_name": "Ether", "blockchain_explorer": { … }, "logo_url": "http://example.com", "is_testnet": true, "is_enabled": true }, "sender": { "vault": { … }, "explorer_url": "http://example.com", "contact": { … }, "type": "aptos", "address": "0x3300c18e7b931bdfc73dccf3e2d043ad1c9d120c777fff5aeeb9956224e5247a" } }
https://api.fordefi.com/api/v1/transactions/{id}/update-spam-state
curl -i -X PUT \
'https://api.fordefi.com/api/v1/transactions/{id}/update-spam-state' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>' \
-H 'Content-Type: application/json' \
-d '{
"is_spam": true
}'https://api.fordefi.com/api/v1/transactions/{id}/trigger-signing
curl -i -X POST \
'https://api.fordefi.com/api/v1/transactions/{id}/trigger-signing' \
-H 'Authorization: Bearer <YOUR_JWT_HERE>'These endpoints allow you to manage batch transactions on the Fordefi platform.
Batch transactions are currently supported only on Solana, for the purpose of supporting the signAllTransactions flow used by certain Solana DApps. Batch transactions undergo policy evaluation as a whole: the policy is applied to a “virtual transaction” whose list of instructions is the union of the instructions of the individual transactions in the batch, and whose balance changes are the aggregation of balance changes of the individual transactions.
These endpoints allow you to manage vaults.
A vault is the basic unit to manage funds. Each vault supports a single "chain family", such as EVM, Bitcoin, Solana, Cosmos, etc., determined by the vault's type. A vault supports all the chains within the chain family (e.g., an EVM vault supports all EVM chains).
These endpoints allow you to view your vault groups.
Vault Groups are used to collectively manage policies and view permissions for a group of vaults.
The API is read-only. To manage vault groups, visit the Fordefi web console. See more info in the user guide.
These endpoints allow you to get information about the assets in your organization, including metadata, balances, and prices.
Fordefi supports native assets and fungible tokens on each of the supported blockchains, and on many chains also non-fungible tokens.
Assets are chain-specific, meaning that USDC on Ethereum is different from USDC on Polygon.
These endpoints allow you to view your user groups.
User Groups are used to collectively manage policies and view permissions for a group of users.
The API is read-only. To manage user groups, visit the Fordefi web console. See more info in the user guide.